Designing Serverless Architecture with AWS Lambda

AWS Lambda has changed the way we deploy and run software, but this new paradigm has also created new challenges for old problems. For example, how do you test a cloud-hosted function locally, and how do you monitor it? What about logging and config management? And how do you start migrating from existing architectures?

Over two days, expert Yan Cui shares solutions to the challenges of running Lambda in production and migrating from an existing monolithic system. Through a mix of lectures, demonstrations, and hands-on exercises, you'll learn testing strategies for lambda functions and how to monitor them in production, how to create continuous integration and development (CI/CD) pipelines for lambda functions, how to implement centralized logging and distributed tracing, how to manage configurations, and how to secure lambda functions. You'll also discover serverless design patterns and best practices when using AWS Lambda with API Gateway and Kinesis.

What you'll learn-and how you can apply it

Why testing lambda functions requires a different approach and mindset

The current limitations and trade-offs of AWS Lambda and how to work through them

How AWS Lambda affects the security of your application and what is still left to protect in a serverless architecture

Best practices for using AWS Lambda with API Gateway and Kinesis and how to implement them

How to navigate any challenges that may come up as your serverless architecture becomes more expansive and complex

About your instructor

Yan Cui has nearly a decade of experience working with AWS. He has architected and implemented a large Serverless architecture of over 170 Lambda functions utilizing many AWS services including API Gateway, Kinesis, IOT, DynamoDB, SNS, Elasticache and many more. He has been through the journey of migrating a monolithic system to Lambda and has solved the many growing pains as his Serverless architecture became more expansive and complex.

Schedule

The timeframes are only estimates and may vary according to how the class is progressing

Day 1

AWS Lambda basics (10 minutes)

Lecture and demonstrations: How to create a simple lambda function; a tour of the AWS Lambda management console

Getting started with the Serverless Framework (25 minutes)

Lecture and demonstrations: How to use the Serverless Framework to create and deploy an API using API Gateway and Lambda; how to use the Serverless Framework to create a Kinesis processor

Hands-on exercise: Create a "Hello, world" lambda function and deploy it using the Serverless Framework

Q&A

Testing lambdas (15 minutes)

Lecture and demonstrations: A technique for reusing test cases for both integration and acceptance tests

Break (10 minutes)

Continuous integration and continuous delivery (30 minutes)

Lecture and demonstration: How to set up a CI/CD pipeline for Lambda

Q&A

Centralized logging (10 minutes)

Lecture and demonstrations: How to use the AWS management console to subscribe CloudWatch logs to Amazon Elasticsearch and automatically subscribe new CloudWatch log groups to Amazon Elasticsearch; how to use lambda functions to process and ship log entries to a self-hosted third-party ELK stack

Distributed tracing (30 minutes)

Lecture and demonstrations: How to set up custom traces and see a trace in X-Ray; the current limitations for X-Ray; how to extend tracing to Kinesis and SNS processing lambda functions by capturing and forwarding correlation IDs

Lecture and demonstration: How to use environment variables to configure lambda functions; how to use EC2 Parameter Store and KMS to manage config values and secrets

Hands-on exercise: Use the Serverless Framework to configure environment variables for lambda functions

Lambda in virtual private clouds (VPCs) (10 minutes)

Lecture and demonstration: How to configure a lambda function to be deployed to your VPC in order to access Elasticache

Q&A

Break (10 minutes)

Security (40 minutes)

Lecture and demonstration: How to use Identity and Access Management (IAM) (configured via the Serverless Framework) to specify a minimum set of permissions for your lambda functions; how to use the API key to secure APIs in API Gateway; how to use IAM roles to secure APIs in API Gateway; cross-site scripting attacks against a Lambda-backed site; SQL injection attacks

Hands-on exercise: Use the Serverless Framework to configure IAM policies per function

Q&A

Lambda best practices (15 minutes)

Lecture and demonstration: AWS Lambda best practices; API Gateway best practices with Lambda; Kinesis best practices with Lambda

Break (10 minutes)

Step functions (20 minutes)

Lecture and demonstration: How to use step functions to chain invocation of lambda functions; how to manage step function state; how to handle errors in step functions

Hands-on exercise: Create a "Hello, world" step function

Exploring design patterns (25 minutes)

Lecture and demonstration: How to apply architecture patterns, such as fan out, fan in, saga, and event sourcing, with Lambda and other AWS services